--On Tuesday, February 07, 2012 5:05 PM -0500 Daniel Savard dsavard@cids.ca wrote:
On Tuesday, 07 February 2012 at 16:09 -0500, Daniel Savard wrote: (...)
add: olcTLSCipherSuite
olcTLSCipherSuite: AES256
(...)
Seems the cipher list is the offending value which causes the crash. I did start the slapd process with the debug flag and got the following message (I did try with HIGH instead of AES256 with the same result below):
...
oc_check_allowed type "modifyTimestamp"
TLS: could not set cipher list HIGH.
*** glibc detected *** /usr/lib/openldap/slapd: double free or corruption (!prev): 0x08269cd8 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6e7b1)[0xb74217b1]
/lib/libc.so.6(+0x700e3)[0xb74230e3]
/lib/libc.so.6(cfree+0x6d)[0xb742626d]
/usr/lib/libgnutls.so.26(gnutls_priority_deinit+0x20)[0xb731f500]
/usr/lib/libldap_r-2.4.so.2(+0x3a9d3)[0xb77c09d3]
/usr/lib/libldap_r-2.4.so.2(ldap_pvt_tls_ctx_free+0x25)[0xb77bd5c5]
/usr/lib/libldap_r-2.4.so.2(+0x37697)[0xb77bd697]
/usr/lib/openldap/slapd[0x8061642]
/usr/lib/openldap/slapd[0x806669f]
/usr/lib/openldap/slapd(fe_op_modify+0x1b5)[0x8094215]
/usr/lib/openldap/slapd(do_modify+0x7c7)[0x80962e7]
/usr/lib/openldap/slapd[0x807c2df]
/usr/lib/openldap/slapd[0x807cc4a]
/usr/lib/libldap_r-2.4.so.2(+0xeb6c)[0xb7794b6c]
/lib/libpthread.so.0(+0x6e32)[0xb75f9e32]
/lib/libc.so.6(clone+0x5e)[0xb748530e]
======= Memory map: =======
...
According to the documentation, HIGH is an acceptable value.
How should I proceed to implement TLS? The documentation is still referring to the old slapd.conf file.
I would first upgrade to a more recent release. I would also generally advise using something more secure than GnuTLS, such as OpenSSL, to link OpenLDAP to.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration